We’re proud to announce that our copy of wolfCrypt has once again officially received FIPS 140-3 validation, listed under certificate #5041 and posted by NIST on July 18, 2025. This validation reflects our continued commitment to building secure, standards-compliant products using rigorously tested cryptography.
This FIPS 140-3 version of wolfCrypt improves on the earlier 140-2 validation in several key ways:
- Faster boot times: Self-tests are deferred until the first use of each algorithm, rather than running all at startup.
- Optimized for embedded systems: Minimal footprint, low power consumption, and efficient performance for real-time and resource-constrained environments.
- Expanded algorithm support, including:
  - AES-OFB mode
  - RSA 3072, 4096, and PSS
  - TLS 1.2 and TLS 1.3 key derivation functions (KDF)
  - SSH KDF
- New degraded mode: If an algorithm self-test fails, others can remain available, improving system resilience.
We selected Acumen Security as our FIPS lab partner for this effort and sincerely appreciate their professionalism and expertise throughout the validation process.
wolfCrypt’s FIPS-validated module can be used as a drop-in OpenSSL engine or provider, making it easy to integrate into existing applications. It’s ideally suited for embedded use cases like secure networking, medical devices, and industrial control systems.
Certificate #5041 offers all the same algorithms as certificate #4718, but will sunset on July 17, 2030. After that, continued use will require revalidation or transition to a newer certificate.
To learn more about FIPS 140-3 and the transition from 140-2, wolfSSL has published helpful resources:
For questions or integration support for FIPS, contact us at fips@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.